19630 matches found

ATTACKERKB
added 2026/06/21 1:26 p.m. | 5 views

CVE-2025-71357

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

CVSS 8.1 | AI score 6 | EPSS 0.00276
Exploits: 1 | References: 3

Positive Technologies
added 2026/06/21 12:0 a.m. | 14 views

PT-2026-51261

Name of the Vulnerable Software and Affected Versions: Comfast CF-WR631AX V3 versions prior to 2.7.0.8. Description: A remote OS command injection flaw exists in the API Endpoint component. The issue occurs within the system function of the '/cgi-bin/mbox-config?section=ping config' endpoint when th...

CVSS 6.5 | AI score 6.9 | EPSS 0.01182
Exploits: 0 | References: 9

Positive Technologies
added 2026/06/21 12:0 a.m. | 14 views

PT-2026-51254

Name of the Vulnerable Software and Affected Versions: Edimax BR-6478AC V2 version 1.23. Description: Command injection can be triggered remotely via the POST Request Handler component. The issue exists within the setWAN function located in the '/goform/setWAN' endpoint. Manipulation of the...

CVSS 6.5 | AI score 6.9 | EPSS 0.01182
Exploits: 0 | References: 12

Positive Technologies
added 2026/06/21 12:0 a.m. | 10 views

PT-2026-51262

A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in an...

CVSS 6.5 | AI score 6.2 | EPSS 0.01158
Exploits: 0 | References: 6

Github Security Blog
added 2026/06/19 2:46 p.m. | 7 views

Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

Summary: The AWS Bedrock AgentCore Python SDK bedrock-agentcore is an open-source SDK that enables developers to build, deploy, and manage agents on AWS Bedrock AgentCore. An issue exists in the install_packages method of the Code Interpreter client where crafted package name arguments can bypass...

CVSS 8.4 | AI score 6.3 | EPSS 0.00302
Exploits: 0 | References: 5 | Affected Software: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 11 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba, particularly in the handling of the front-end WINS hook: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets is inserted into shell commands and executed b...

CVSS 10 | AI score 8.1 | EPSS 0.39677
Exploits: 2 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 has an improper neutralization of line delimiters, which is relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can cause a new line to be inserted into a spool header file, thereby indirectly allowing unauthenticated...

CVSS 9.8 | AI score 8.1 | EPSS 0.09285
Exploits: 1 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in libssh

A flaw was discovered in the libssh API function ssh_scp_new, in versions prior to 0.9.3 and prior to 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a path provided by the user, is executed on the server side. If the library is used in a way that allows user...

CVSS 9.3 | AI score 6.8 | EPSS 0.0316
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in libxstream-java

XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker with sufficient rights to execute commands on the host by manipulating the input stream being processed. No users are affected as long as they follow...

CVSS 8.5 | AI score 7.8 | EPSS 0.9851
Exploits: 6 | References: 2

NVD
added 2026/06/18 5:16 p.m. | 13 views

CVE-2026-38716

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

CVSS 9.8 | EPSS 0.01316
Exploits: 0 | References: 1

Microsoft CVE
added 2026/06/18 2:0 p.m. | 8 views

Microsoft Copilot Tampering Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

CVSS 7.5 | AI score 5.9 | EPSS 0.00399
Exploits: 0

Nuclei
added 2026/06/18 12:11 p.m. | 243 views

Apache HugeGraph-Server - Remote Command Execution

Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution RC...

CVSS 9.8 | AI score 9 | EPSS 0.9921
Exploits: 11 | References: 6

CVE
added 2026/06/18 12:0 a.m. | 18 views

CVE-2026-38714

CVE-2026-38714 affects InHand Networks IR912 and IR915 devices (firmware v1.0.0.r20042 and earlier). A command-injection flaw exists in the Python configuration function, allowing remote attackers to execute arbitrary commands as root via a crafted input. Documents do not specify exploited vector...

CVSS 9.8 | AI score 6 | EPSS 0.01316
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/18 12:0 a.m. | 15 views

CVE-2026-38715

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

EPSS 0.01316
Exploits: 0 | References: 1

CVE
added 2026/06/18 12:0 a.m. | 21 views

CVE-2026-38715

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (and earlier) contain a command injection vulnerability in the log viewing function. The issue allows remote attackers to execute arbitrary commands as root via crafted input, yielding a CRITICAL (CVSS 3.1: 9.8) impact with network attac...

CVSS 9.8 | AI score 6 | EPSS 0.01316
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/06/18 12:0 a.m. | 10 views

CVE-2026-38717

The CVE-2026-38717 entry concerns InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (and earlier) with a command injection vulnerability in the file upload function. The root cause is improper handling of crafted input in the upload process, enabling remote attackers to execute arbitrar...

CVSS 9.8 | AI score 5.9 | EPSS 0.01316
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/06/17 10:16 p.m. | 13 views

CVE-2026-12530

Improper neutralization of argument delimiters in the install_packages method in AWS Bedrock AgentCore Python SDK versions = 1.1.3 and 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate thi...

CVSS 8.4 | EPSS 0.00302
Exploits: 0 | References: 2

NVD
added 2026/06/17 1:19 p.m. | 9 views

CVE-2025-59872

HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or operating system command...

CVSS 9.8 | EPSS 0.00454
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/17 12:0 a.m. | 17 views

PT-2026-50460

Name of the Vulnerable Software and Affected Versions: Cisco Crosswork Network Controller (affected versions not specified). Description: Insufficient input validation in the configuration template engine of the web-based management interface allows an authenticated remote attacker to execute arbitrar...

CVSS 6.3 | AI score 6.4 | EPSS 0.00253
Exploits: 0 | References: 7

EUVD
added 2026/06/16 9:32 p.m. | 8 views

EUVD-2026-37201

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attacker who can...

CVSS 9.8 | AI score 8.1 | EPSS 0.00934
Exploits: 0 | References: 6